ClawHub

ZeeLin Twitter/X 运营

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates X/Twitter growth work, but it can immediately follow accounts and post public replies from a logged-in account with limited safeguards.

Install only if you intentionally want an agent to operate a live X account. Confirm the browser is logged into the correct account, keep batch sizes low, review target posts and comment text before execution, and consider platform rules and reputation risk from automated follows or public replies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad and include common language such as '回关', '检查回关', and '今天做下推特运营', which increases the chance of accidental invocation. Because the skill is designed to immediately execute follow/comment actions on a logged-in social account, an unintended trigger can cause unauthorized public actions and account changes in the same turn.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to operate a logged-in X account by following users and performing engagement actions, but it does not present a prominent, user-facing warning that these are autonomous account actions with public consequences. In a browser-authenticated context, this makes unintended or misunderstood execution more dangerous because the agent can act immediately on the user's live account.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This workflow directs the agent to autonomously search for third-party tweets and post public comments intended to increase exposure and followers, without a strong user-facing warning or per-post approval. That creates a significant risk of unintended spammy behavior, reputational damage, platform-policy violations, and abuse of the authenticated account for mass unsolicited engagement.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script submits a public reply immediately after typing, either by clicking the detected Reply/Post button or sending Meta+Enter, without any user confirmation, preview, or dry-run safeguard. In the context of an automation skill designed to drive engagement and posting on a real X account, this increases the risk of unintended public messages, reputational damage, spam-like behavior, and accidental posting to the wrong tweet if the UI was misdetected.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs state-changing actions on a user's X account by automatically clicking Follow/关注/回关 buttons without a confirmation step, dry-run mode, or explicit per-action consent. In this skill context, the agent is operating a real social-media account, so silent bulk actions can cause unintended account modifications, policy violations, reputational harm, or account restrictions if the page is misidentified or the automation behaves unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal